Cost: Exam and training for the OSCP with 1 month (30 days) lab access is about $1000. Whereas, The CEH exam alone costs about $1,200 (plus $100 eligibility fee for self-study candidates) with average training cost of about $3000. However, re-take of exam is at a discounted price. There is also the CEH (Practical) exam which costs $550 (if you choose to take this).
Market Value: the OSCP is more regarded in the market for penetration testing or hacking than the CEH. However, the CEH is recognised by the US Department of Defense and can help you meet the DoD 8570 requirements.
Prerequisites: The OSCP has no prerequisites in particular apart from some basics like having prior Windows or basic Linux knowledge, scripting etc. The CEH does have a prerequisite of passing or having the CND (Certified Network Defender), or 2 years work experience, or going through a training delivered by a certified trainer or training company. By the way, Firebrand is definitely a place I can recommend should you be looking for certified trainers for the CEH.
{N.B. This was not sponsored by Firebrand}
Content quality: CEH touches concepts and methods at a reasonable depth for a beginner ethical hacker but emphasizes “Ethics” a lot. Whereas, the OSCP is more focused on offense and attacks and does not really emphasize ethics like the CEH.
Career opportunities: Which is likely to get you more noticed? To be honest, the OSCP literally gets Companies and Recruiters knocking on your door. This is not to say the CEH does not do same. Having the CEH could also make you stand out in a couple of opportunities. But if a recruiter were to choose between a candidate with OSCP and a candidate with CEH; OSCP would be chosen 6 out of 10 times (some might argue 7 out of 10 times). Remember we said no B.S. We’re facing facts and reality.
Exam: The CEH is a 3-4hours multi-choice exam while the OSCP is a 24-hours hands-on exam and score is based on how many hosts you are able to compromise successfully. There is also the CEH practical exam which is a bit more challenging than the regular CEH theoretical exam. The CEH Practical exam is about 6 hours and requires demonstration of ethical hacking skills in solving the challenge given.
Expiration/Validity: The OSCP does not expire. It remains valid once earned. This is not the case with the CEH. The CEH has a 3 year validity period. One would need to renew the certification by earning up to 120 ECE credits within the space of the three years. There is a yearly requirement of 40 ECE Credits and to be eligible to submit these ECE Credits, you must be a member and to remain a member, you have to pay a yearly membership fee of $80. However, an advantage of the yearly 40 ECE credits is that it shows the CEH holder is current in the field and not just keeping a certification they have lost touch with. It also encourages CEH holders to keep improving and keep learning.
What are your thoughts on the validity?
Conclusion
This article is not to tell you which to go for but to help you make a more informed decision before taking either. You can also click here to read our 3-minute article on the CEH. If there are any thoughts, updates or additions, please feel free to share in the comments section below. Here at CyberPhorm, we do not know it all and it is more beautiful when we learn from each other.
Thank you for your sharing. I am worried that I lack creative ideas. It is your article that makes me full of hope. Thank you. But, I have a question, can you help me?